Fixes for v2.24.2 release prep

[data-douser]

This pull request updates the CodeQL CLI version management process to consistently include the extensions/vscode/package.json file across documentation, scripts, and workflows. It also performs a minor dependency update for ESLint in several package.json files. The most important changes are grouped below:

Versioning Process Improvements:

• Updated documentation (SKILL.md) to clarify that extensions/vscode/package.json is included in the CLI-aligned versioning strategy and to use generic version placeholders (e.g., X.Y.Z) for clarity. [1] [2] [3]
• Modified the update workflow (update-codeql.yml) to explicitly mention and summarize changes to extensions/vscode/package.json alongside other version-bearing files. [1] [2]
• Updated the update-release-version.sh script to detect and update the version in extensions/vscode/package.json in addition to other package.json files. [1] [2] [3]

Dependency Updates:

• Bumped eslint from ^10.0.0 to ^10.0.1 in package.json, client/package.json, server/package.json, and extensions/vscode/package.json to ensure consistency and up-to-date linting across the codebase. [1] [2] [3] [4]

Version Bump:

• Updated the version in extensions/vscode/package.json from 2.24.1 to 2.24.2 to reflect the new CLI version.

[github-license-compliance]

@data-douser has requested to close this alert

[github-license-compliance]

@data-douser has requested to close this alert

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

package-lock.json

Package	Version	License	Issue Type
extensions/vscode	2.24.2	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/eslint	^10.0.1	Unknown	Unknown
npm/eslint	^10.0.1	Unknown	Unknown
npm/minimatch	3.1.3	🟢 5	Details Check Score Reason Code-Review ⚠️ 1 Found 4/28 approved changesets -- score normalized to 1 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 9 10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@eslint/config-array	0.23.2	Unknown	Unknown
npm/@eslint/object-schema	3.0.2	Unknown	Unknown
npm/ajv	6.14.0	🟢 5.2	Details Check Score Reason Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 2 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2 Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 2 badge detected: InProgress License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/eslint	10.0.1	🟢 6.3	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 6 Found 18/27 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits
npm/eslint-scope	9.1.1	Unknown	Unknown
npm/eslint-visitor-keys	5.0.1	Unknown	Unknown
npm/espree	11.1.1	Unknown	Unknown
npm/extensions/vscode	2.24.2	Unknown	Unknown
npm/hono	4.12.2	Unknown	Unknown
npm/eslint	^10.0.1	Unknown	Unknown

Scanned Files

• client/package.json
• extensions/vscode/package.json
• package-lock.json
• server/package.json

[Copilot]

Pull request overview

This PR enhances the CodeQL CLI version management infrastructure to consistently track and update the extensions/vscode/package.json file alongside other version-bearing files in the repository. It also performs a minor ESLint dependency update from ^10.0.0 to ^10.0.1 and bumps all versions from 2.24.1 to 2.24.2 to align with CodeQL CLI version 2.24.2.

Changes:

• Enhanced version management to include extensions/vscode/package.json in the CLI-aligned versioning strategy across scripts, workflows, and documentation
• Updated ESLint from ^10.0.0 to ^10.0.1 across all package.json files
• Bumped version from 2.24.1 to 2.24.2 in all version-bearing files

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
server/scripts/update-release-version.sh	Added extensions/vscode/package.json to both collect_versions() and update_versions() functions for consistent version tracking
.github/workflows/update-codeql.yml	Updated PR description template and summary table to explicitly mention extensions/vscode/package.json updates
.github/skills/upgrade-codeql-cli-and-packs/SKILL.md	Updated documentation to clarify that extensions/vscode/package.json is included in versioning and replaced specific version examples with generic placeholders (X.Y.Z)
package.json	Updated ESLint to ^10.0.1 and version to 2.24.2
client/package.json	Updated ESLint to ^10.0.1 and version to 2.24.2
server/package.json	Updated ESLint to ^10.0.1 and version to 2.24.2
extensions/vscode/package.json	Updated ESLint to ^10.0.1 and version from 2.24.1 to 2.24.2
package-lock.json	Regenerated with ESLint 10.0.1 and transitive dependency updates, all package versions set to 2.24.2